RE: CRIME Virus list

From: brvarin@private
Date: Wed May 22 2002 - 12:28:12 PDT

    One more approach, if you have it, would be to utilize any network IDS sensor
    that you may have on your network. Most Network IDS have the ability to
    send out TCP Resets to both ends when certain criteria are met. With Snort
    and RealSecure you can write a rule that will recognize a file name coming
    in via HTTP, FTP, etc. and kill that connection. It's probably not
    something you would want to program in for every *.exe, etc. but it's one
    more countermeasure for the more frequent things like Klez and Nimda.
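
The matching step the message describes, modelled in Python as an added example that is not part of the original post and is not Snort or RealSecure rule syntax. The watch-list names, the sample payloads and the `verdict` helper are constructed for illustration; a real sensor would do this match in its rule engine and emit the resets itself.

```python
import re
import urllib.parse

# Constructed watch list: a few specific names the defender has chosen to
# block, rather than every *.exe. Placeholders, not real indicators.
BLOCKED_NAMES = {"blocked-sample-1.exe", "blocked-sample-2.scr"}

# Request lines that carry a file name: HTTP methods and FTP RETR/STOR.
HTTP_RE = re.compile(rb"^(?:GET|POST|HEAD)\s+(\S+)\s+HTTP/\d\.\d", re.I)
FTP_RE = re.compile(rb"^(?:RETR|STOR)\s+(.+?)\s*$", re.I)


def requested_name(first_line: bytes):
    """Return the lower-cased base file name from an HTTP or FTP request line."""
    m = HTTP_RE.match(first_line)
    if m:
        path = m.group(1).split(b"?", 1)[0]      # drop the query string
    else:
        m = FTP_RE.match(first_line)
        if not m:
            return None
        path = m.group(1)
    # Decode %xx escapes so an encoded name does not slip past the match.
    path = urllib.parse.unquote_to_bytes(path)
    name = re.split(rb"[\\/]", path)[-1]         # base name, either separator
    return name.decode("latin-1").lower() or None


def verdict(payload: bytes, client: str, server: str):
    """Return the resets the sensor would send: one to each end, or none."""
    first_line = payload.split(b"\r\n", 1)[0]
    if requested_name(first_line) in BLOCKED_NAMES:
        # Each tuple is (action, spoofed source, destination).
        return [("RST", server, client), ("RST", client, server)]
    return []


if __name__ == "__main__":
    samples = [  # constructed payloads
        b"GET /files/Blocked-Sample-1.EXE?x=1 HTTP/1.0\r\nHost: a\r\n\r\n",
        b"RETR pub\\blocked-sample-2.scr\r\n",
        b"GET /downloads/setup.exe HTTP/1.1\r\nHost: a\r\n\r\n",
    ]
    for s in samples:
        print(s.split(b"\r\n", 1)[0], "->", verdict(s, "10.0.0.5", "192.0.2.10"))
```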
    



    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:43:28 PDT